Fake drug scam hijacks British college web sites

By staff and wire services reports

March 5th, 2010

British academic institutions have unwittingly become the accomplices of criminals selling fake drugs online, reports the BBC: A security firm has discovered many organizations using the “.ac.uk” education domain are unknowingly pushing customers to web sites offering the fake pills. The scam exploits software flaws to piggyback on the computing resources of the colleges and universities. Researchers at security company Imperva believe “thousands” of organizations in the U.K. might have fallen victim.

“It’s a pretty successful campaign,” said Amichai Shulman, of the firm, which uncovered the targeted attack. Imperva has found that many higher-education institutions that use the “.ac.uk” domain are unknowingly helping customers get through to the spammers’ sites. In most cases, the spammers have exploited vulnerabilities in a widely used technology called PHP. Many organizations use this technology to make web sites more interactive. “They used these vulnerabilities to inject PHP code into the site,” said Shulman of the scam. The injected code included search terms associated with drugs such as Viagra, Cialis, and many others. Also included was code that spotted when a visitor arrived at a compromised site from Google. When combined, the code meant that when a person searched for the drugs online, the universities’ web addresses would pop up in the top results. Anyone clicking on the link would then be redirected to a fake pharmacy peddling counterfeit pills. At all other times, a visitor would get through to the proper site. Typing in a web address also would lead straight to the real site…
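A site-owner's check for the referrer-conditional cloaking the article describes, as an added example that is not code from the BBC report or from Imperva: the same URL is fetched with and without a search-engine Referer, redirects are not followed, and a 3xx to a foreign host that appears only for the search referrer is flagged. The fetcher interface, the audit URL and the stand-in compromised site are assumptions.

```python
# Added example (not from the BBC/Imperva report): fetch a page with and without a
# search-engine Referer, without following redirects, and flag a 3xx to a foreign host
# that only appears when the visitor seems to come from Google (the cloaking described above).
import urllib.request
import urllib.error
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlparse

Response = Tuple[int, Dict[str, str]]            # (status code, response headers)
Fetcher = Callable[[str, Dict[str, str]], Response]
# Constructed referrers: the injected code keys on the search engine and drug query terms.
SEARCH_REFERERS = ["https://www.google.com/search?q=buy+viagra+online",
                   "https://www.google.com/search?q=cheap+cialis"]

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Returning None makes urllib raise HTTPError on a 3xx instead of following it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def http_fetch(url: str, headers: Dict[str, str]) -> Response:
    """Real fetcher for a live audit; the offline demo below uses a stand-in instead."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as r:
            return r.status, dict(r.headers)
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers)

def _redirect_host(resp: Response):  # host of a 3xx Location, or None if not a redirect
    status, headers = resp
    loc = headers.get("Location") if 300 <= status < 400 else None
    return urlparse(loc).hostname if loc else None

def find_cloaked_redirects(url: str, fetch: Fetcher) -> List[Tuple[str, str]]:
    """(referrer, Location) pairs where only the search referrer gets an off-site redirect."""
    ua = {"User-Agent": "site-audit/1.0"}
    own_host = urlparse(url).hostname
    baseline_host = _redirect_host(fetch(url, dict(ua)))   # what an ordinary visitor sees
    hits = []
    for ref in SEARCH_REFERERS:
        resp = fetch(url, {**ua, "Referer": ref})
        host = _redirect_host(resp)
        if host and host != own_host and host != baseline_host:
            hits.append((ref, resp[1]["Location"]))
    return hits

def compromised_site(url: str, headers: Dict[str, str]) -> Response:
    """Constructed stand-in for an injected page: only Google visitors are redirected."""
    if "google." in headers.get("Referer", ""):
        return 302, {"Location": "http://pharmacy.invalid/buy"}
    return 200, {"Content-Type": "text/html"}
```

For a live audit, pass `http_fetch` in place of `compromised_site`; an ordinary hostname redirect (for example to the site's own `www` host, or one that every visitor receives) is not reported.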